[sudo-users] NOPASSWD rules prompt for a password when run non-interactively

Graham Binns graham.binns at gmail.com
Tue Apr 11 16:55:41 EDT 2006


Hi all,

I'm using sudo as part of a subversion repository. When a commit is
made to the repository, the repository's post-commit script runs and
updates a working copy of that repository. In order to do that
successfully the update command is run via sudo, with the command run
as the user that owns the repository.

In order to make this work I've created a group, svnusers, which can
run the svn command as the owner of the working copy (called
subversion, for the sake of argument) without having to specify a
password, thus:

%svnusers ALL=(subversion) NOPASSWD: /usr/bin/svn

visudo tells me that this is fine and good and everything appears to
work. If I run the svn update command from the terminal, thus:

sudo -u subversion svn update <filename>

Then everything works.

However, when I run the command through the post-commit script - and
therefore non-interactively (as I see it anyway; the script is invoked
by the subversion process once the commit is complete) - sudo prompts
for a password. I know this because, as debugging data, I am
redirecting STDOUT and STDERR to files in order to watch what is going
on. If I specify a password prompt that includes the name of the
invoking and runas users, e.g.:

sudo -u subversion -p %u:%U svn update <filename>

Then I see the correct usernames both before and after the :.

Can anyone tell me why I'm being asked for a password, or at least
point me in the right direction?

Thanks in advance,

Graham